activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1545) JMS MessageProducer fails to expose exception on send when message is sent non-persistent, but not authorised
Date Mon, 18 Dec 2017 11:09:00 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294816#comment-16294816
] 

ASF GitHub Bot commented on ARTEMIS-1545:
-----------------------------------------

Github user mtaylor commented on the issue:

    https://github.com/apache/activemq-artemis/pull/1722
  
    @michaelandrepearce In general I think this looks good.  
    
    The only thing I am not seeing here is backwards compat between the new client and an
old server.  There are two ways you can easily handle this:
    1. Instead of creating new SessionSend V2 Packets, you can just extend the old one and
add the extra bits at the end of the buffer.  This would mean the old server can still decode
the message.  (It would just ignore the last couple bytes).
    2. Check to see if the server version >= 130 and create the appropriate packets.
    
    @clebertsuconic has just ported/extended a backwards compat framework in another PR. 
Once this is merged you should be able to easily test for this.



> JMS MessageProducer fails to expose exception on send when message is sent non-persistent,
but not authorised
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-1545
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1545
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Michael Andre Pearce
>
> When sending persistent, behaviour is blocking and a Security exception is thrown. The
same behaviour that the client is exposed to the client when sending non-persistent, so that
a client could log or take action asynchronously. 
> This can be recreated easily by the following:
> Add the following security section , that means guest is not auth'd to send to "guest.cannot.send"
> activemq-artemis/tests/jms-tests/src/test/resources/broker.xml
>  <security-setting match="guest.cannot.send">
>                <permission type="createDurableQueue" roles="guest,def"/>
>                <permission type="deleteDurableQueue" roles="guest,def"/>
>                <permission type="createNonDurableQueue" roles="guest,def"/>
>                <permission type="deleteNonDurableQueue" roles="guest,def"/>
>                <permission type="consume" roles="guest,def"/>
>                <permission type="browse" roles="guest,def"/>
>                <permission type="send" roles="def"/>
>            </security-setting>
> Then add the following tests to this test (first is proving exception correctly is thrown
when persistent is sent using jms api, and second shows behaviour difference and no error):
> activemq-artemis/tests/jms-tests/src/test/java/org/apache/activemq/artemis/jms/tests/SecurityTest.java
>   /**
>     * Login with valid user and password
>     * But try send to address not authorised - Persistent
>     * Should not allow and should throw exception
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSend() throws Exception
{
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }
>    /**
>     * Login with valid user and password
>     * But try send to address not authorised - Non Persistent.
>     * Should have same behaviour as Persistent with exception on send.
>     */
>    @Test
>    public void testLoginValidUserAndPasswordButNotAuthorisedToSendNonPersistent() throws
Exception {
>       ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61616");
>       Connection connection = connectionFactory.createConnection("guest", "guest");
>       Session session = connection.createSession();
>       Destination destination = session.createQueue("guest.cannot.send");
>       MessageProducer messageProducer = session.createProducer(destination);
>       messageProducer.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
>       try {
>          messageProducer.send(session.createTextMessage("hello"));
>          fail("JMSSecurityException expected as guest is not allowed to send");
>       } catch (JMSSecurityException activeMQSecurityException){
>          //pass
>       }
>       connection.close();
>    }



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message